In association with heise online

Virtualisation

In conjunction with development versions of Xen hypervisor 4.3, Linux can now run virtual machines with the aid of the virtualisation features offered by some of the latest ARM cores (1, 2 and others). KVM support for these ARM virtualisation features is still a work in progress.

Linux guests can now use key-value pair guest drivers for Microsoft's Hyper-V to share information on network configuration with Microsoft's hypervisor (1, 2 and others). Extensions for exchanging information of this type have been added to the hv_kvp_daemon.c background service, which is included in the Linux kernel's tools directory (1, 2 and others). Because the steps for setting or reading network configuration differ between the major Linux distributions, the daemon uses scripts for some of its work; these are easily adapted to differing conditions. Sample scripts for configuring a network interface or reading the DNS configuration have also been merged into the kernel.

The use_bio=1 parameter can be used to activate an alternative operating mode for the virtio-blk block device driver, which accelerates data transfer between the guest and host on very fast storage devices. This is illustrated by measurements made using a ramdisk and a Fusion IO PCIe Flash card posted in the commit comments. With a normal SATA disk, however, the new approach is slower. The main git pull requests for the Linux KVM code and Xen support discuss other significant changes in the virtualisation field.

Process tracing

The tracing infrastructure has gained perf-kvm, an events analysis tool which can be used to analyse the reasons why and the frequency with which a KVM guest switches to the host system ("VM exit"). This is just one of many enhancements to the tracing code. There is also a new system-wide tracing tool, perf-trace, the initial functionality of which has been compared by its developers with that of the "venerable" strace. The new tool, however, utilises the kernel's perf infrastructure, which should enable it to offer a broader range of functions. Kernel probes (kprobes) can now use static ftrace checkpoints (where they exist at the point in question) instead of breakpoints. This should reduce overhead during analysis. Also new is basic support in perf for the performance monitoring unit (PMU) on Intel's Xeon Phi coprocessors.

Compartmentalisation

The Linux kernel now supports the processor security feature SMAP (supervisor mode access prevention) (1, 2, 3 and others). Intel is planning to introduce this feature in its Haswell processors, which are set to succeed the current Ivy Bridge generation in the first half of 2013. SMAP protects memory pages used by programs from unwanted changes by the kernel. Attackers sometimes exploit kernel bugs to make changes to memory used by programs that run with root privileges, in order to escalate their own privileges. Details of this feature can be found starting on page 408 of Intel's Architecture Instruction Set Extensions Programming Reference PDF, in a posting on the grsecurity forum, and in an LWN.net article.
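To check whether a running system reports the SMAP feature described above, the following added example (not code from the article or the kernel) audits a cpuinfo file and a kernel command line. It assumes the `smap` flag name in /proc/cpuinfo and the `nosmap` kernel boot parameter; the function name, verdict words and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the article. Prints one verdict word for the
# cpuinfo and kernel command line files given (defaults: the live /proc files).
smap_status() {
    cpuinfo=${1:-/proc/cpuinfo}
    cmdline=${2:-/proc/cmdline}

    # One "flags" line per logical CPU; match "smap" as a whole word only.
    counts=$(awk -F: '
        /^flags[ \t]*:/ {
            total++
            n = split($2, f, /[ \t]+/)
            for (i = 1; i <= n; i++) if (f[i] == "smap") { hit++; break }
        }
        END { printf "%d %d", total, hit }' "$cpuinfo")
    total=${counts% *}
    hit=${counts#* }

    # "nosmap" counts only as a complete boot parameter (assumed name).
    off=$(awk '{ for (i = 1; i <= NF; i++) if ($i == "nosmap") f = 1 }
               END { print (f ? "yes" : "no") }' "$cmdline")

    if [ "$total" -eq 0 ]; then echo unknown
    elif [ "$off" = yes ]; then echo disabled-by-nosmap
    elif [ "$hit" -eq "$total" ]; then echo reported-on-all-cpus
    elif [ "$hit" -gt 0 ]; then echo reported-on-some-cpus
    else echo not-reported
    fi
}

# Constructed sample input (not captured from a real machine).
demo_dir=$(mktemp -d)
printf 'processor\t: 0\nflags\t\t: fpu sse2 smep smap\n' > "$demo_dir/cpu_ok"
printf 'processor\t: 0\nflags\t\t: fpu sse2 smep\n' > "$demo_dir/cpu_old"
echo 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro quiet' > "$demo_dir/cmd_ok"
echo 'BOOT_IMAGE=/vmlinuz root=/dev/sda1 ro nosmap' > "$demo_dir/cmd_off"

smap_status "$demo_dir/cpu_ok"  "$demo_dir/cmd_ok"
smap_status "$demo_dir/cpu_old" "$demo_dir/cmd_ok"
smap_status "$demo_dir/cpu_old" "$demo_dir/cmd_off"
```

Called without arguments, `smap_status` reads the live /proc/cpuinfo and /proc/cmdline instead of the sample files.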

Miscellaneous

  • As with most Linux versions released over the last year, in Linux 3.7 the kernel developers have optimised some of the kernel's cryptographic algorithms. Improvements to the aesni_intel driver, for example, should allow some operations to triple their throughput, as shown by tcrypt benchmark results given in the commit comments.
  • If the ACPI table contains a description for the components of a system, it can now be read from the sysfs directories for the relevant components using the firmware_node/description file.
  • The tools/power/acpi/ directory in the kernel source code now contains the userspace diagnostics tool acpidump, which saves the ACPI tables to an ASCII file. This information can help developers debug a problem when they do not have access to the affected system.
  • The Sparc code now supports Niagara 4.

Permalink: http://h-online.com/-1758293